2009/10/14 John R. Dennison <jrd at gerdesas.com>:
> Because advising someone to run with known vulnerabilities
> is conducive to maintaining the integrity of critical
> systems?
If those vulnerabilities put your servers at risk in the environment
that you use them, then that would qualify as *need* to upgrade (and
fast).
> I've been seeing this mentality a lot recently, and while
> in some corner-cases it does make sense, for the majority
> of users it does not and leaves them open to pain and suffering
> in the future.
On the one hand I'm quite fortunate that our critical infrastructure
is completely isolated but on the other I'm rather unfortunate with
the requirement for near constant uptime with ageing hardware and no
spare cash - until things go wrong...
I also monitor various lists for vulnerability updates.
> Update once in a while after testing in a properly configured
> test environment and you will, in the long run, be much happier.
Completely agree! :)
Ben